From 434d0ea91f1ad0b672d7faccc350797c253395ca Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Thu, 14 Nov 2024 13:21:30 +0300 Subject: [PATCH 1/9] feat(x/staking/types): allow empty allow and deny list --- x/staking/types/authz.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/x/staking/types/authz.go b/x/staking/types/authz.go index 55194c0e28a2..ff9d9c9f2e85 100644 --- a/x/staking/types/authz.go +++ b/x/staking/types/authz.go @@ -166,10 +166,6 @@ func (a StakeAuthorization) Accept(ctx context.Context, msg sdk.Msg) (authz.Acce } func validateAllowAndDenyValidators(allowed, denied []sdk.ValAddress, valAddressCodec address.Codec) ([]string, []string, error) { - if len(allowed) == 0 && len(denied) == 0 { - return nil, nil, sdkerrors.ErrInvalidRequest.Wrap("both allowed & deny list cannot be empty") - } - if len(allowed) > 0 && len(denied) > 0 { return nil, nil, sdkerrors.ErrInvalidRequest.Wrap("cannot set both allowed & deny list") } From 84f688a4b133959419d66bc801ce32b98befa5a7 Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Thu, 14 Nov 2024 13:21:46 +0300 Subject: [PATCH 2/9] test(x/staking/types): add test for empty allow and deny list --- x/staking/types/authz_test.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/x/staking/types/authz_test.go b/x/staking/types/authz_test.go index c4ab9dc7bbd8..027f07974b09 100644 --- a/x/staking/types/authz_test.go +++ b/x/staking/types/authz_test.go @@ -211,6 +211,21 @@ func TestAuthzAuthorizations(t *testing.T) { }, MaxTokens: nil, AuthorizationType: stakingtypes.AuthorizationType_AUTHORIZATION_TYPE_DELEGATE, }, }, + { + "delegate: testing empty denyList and allowList", + []sdk.ValAddress{}, + []sdk.ValAddress{}, + stakingtypes.AuthorizationType_AUTHORIZATION_TYPE_DELEGATE, + nil, + stakingtypes.NewMsgDelegate(accAddressToString(t, delAddr), valAddressToString(t, val2), coin100), + false, + false, + &stakingtypes.StakeAuthorization{ + Validators: &stakingtypes.StakeAuthorization_DenyList{ + DenyList: &stakingtypes.StakeAuthorization_Validators{Address: []string{}}, + }, MaxTokens: nil, AuthorizationType: stakingtypes.AuthorizationType_AUTHORIZATION_TYPE_DELEGATE, + }, + }, { "undelegate: expect 0 remaining coins", []sdk.ValAddress{val1, val2}, From 043233be5bf61291722595edeb688b4acd2f08b0 Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Thu, 14 Nov 2024 13:28:03 +0300 Subject: [PATCH 3/9] docs(x/staking/types): update docs --- x/authz/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x/authz/README.md b/x/authz/README.md index 405bd5427e6a..9e7ac2502555 100644 --- a/x/authz/README.md +++ b/x/authz/README.md @@ -84,7 +84,7 @@ https://github.com/cosmos/cosmos-sdk/blob/v0.52.0-beta.1/x/bank/types/send_autho #### StakeAuthorization -`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/main/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorize delegation, undelegation, redelegation or cancel unbonding delegation, each of which must be authorized separately. It also takes an optional `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, enabling you to specify which validators the grantee can or cannot stake with. +`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/main/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorize delegation, undelegation, redelegation or cancel unbonding delegation, each of which must be authorized separately. It also takes an optional `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, enabling you to specify which validators the grantee can or cannot stake with. If both `AllowList` and `DenyList` are empty delegation to all validators is allowed. ```protobuf reference https://github.com/cosmos/cosmos-sdk/blob/v0.52.0-beta.1/x/staking/proto/cosmos/staking/v1beta1/authz.proto#L11-L34 From 8e701bf197db4b4317fb1885d69ded57118fda3f Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Thu, 14 Nov 2024 13:33:11 +0300 Subject: [PATCH 4/9] chore(x/staking/types): changelog --- x/staking/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x/staking/CHANGELOG.md b/x/staking/CHANGELOG.md index 24843a45f121..86ba9757e625 100644 --- a/x/staking/CHANGELOG.md +++ b/x/staking/CHANGELOG.md @@ -46,7 +46,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * [#18636](https://github.com/cosmos/cosmos-sdk/pull/18636) `IterateBondedValidatorsByPower`, `GetDelegatorBonded`, `Delegate`, `Unbond`, `Slash`, `Jail`, `SlashRedelegation`, `ApplyAndReturnValidatorSetUpdates` methods no longer panics on any kind of errors but instead returns appropriate errors. * [#18506](https://github.com/cosmos/cosmos-sdk/pull/18506) Detect the length of the ed25519 pubkey in CreateValidator to prevent panic. * [#21315](https://github.com/cosmos/cosmos-sdk/pull/21315) Add a `Validate` method to the `Description` type that validates the metadata as well as other description details. - +* [#22527](https://github.com/cosmos/cosmos-sdk/pull/22527) Allow delegating `StakeAuthorization` to all validators by leaving `AllowList` and `DenyList` empty. ### API Breaking Changes From 5482612d3c36abe7ee1da34a17a204b0bc2908c9 Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Thu, 14 Nov 2024 14:11:27 +0300 Subject: [PATCH 5/9] test(systemtests/authz): update empty allow and deny list --- tests/systemtests/authz_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/systemtests/authz_test.go b/tests/systemtests/authz_test.go index f3e0ec748c8b..710c93bb47ad 100644 --- a/tests/systemtests/authz_test.go +++ b/tests/systemtests/authz_test.go @@ -91,7 +91,7 @@ func TestAuthzGrantTxCmd(t *testing.T) { "delegate authorization without allow or deny list", grantee1Addr, []string{"delegate"}, - "both allowed & deny list cannot be empty", + "", false, }, { From 7748dcc1c9f5c4bd1013c049cf526393d1ef1257 Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Tue, 19 Nov 2024 20:01:55 +0300 Subject: [PATCH 6/9] test(systemtests/authz): update empty allow and deny list tests --- tests/systemtests/authz_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/systemtests/authz_test.go b/tests/systemtests/authz_test.go index 710c93bb47ad..3946ad3c1a9b 100644 --- a/tests/systemtests/authz_test.go +++ b/tests/systemtests/authz_test.go @@ -112,8 +112,8 @@ func TestAuthzGrantTxCmd(t *testing.T) { "unbond authorization without allow or deny list", grantee1Addr, []string{"unbond"}, - "both allowed & deny list cannot be empty", - false, + "", + true, }, { "unbond authorization with invalid allowed validator address", @@ -133,8 +133,8 @@ func TestAuthzGrantTxCmd(t *testing.T) { "redelegate authorization without allow or deny list", grantee1Addr, []string{"redelegate"}, - "both allowed & deny list cannot be empty", - false, + "", + true, }, { "redelegate authorization with invalid allowed validator address", From 823b93537b357ff004aae93e6a1636063325154c Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Tue, 19 Nov 2024 20:51:11 +0300 Subject: [PATCH 7/9] test(systemtests/authz): fix tests --- tests/systemtests/authz_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/systemtests/authz_test.go b/tests/systemtests/authz_test.go index 3946ad3c1a9b..4df05b698dbe 100644 --- a/tests/systemtests/authz_test.go +++ b/tests/systemtests/authz_test.go @@ -90,9 +90,9 @@ func TestAuthzGrantTxCmd(t *testing.T) { { "delegate authorization without allow or deny list", grantee1Addr, - []string{"delegate"}, + []string{"delegate", "--spend-limit=1000" + testDenom}, "", - false, + true, }, { "delegate authorization with invalid allowed validator address", @@ -111,7 +111,7 @@ func TestAuthzGrantTxCmd(t *testing.T) { { "unbond authorization without allow or deny list", grantee1Addr, - []string{"unbond"}, + []string{"unbond", "--spend-limit=1000" + testDenom}, "", true, }, @@ -132,7 +132,7 @@ func TestAuthzGrantTxCmd(t *testing.T) { { "redelegate authorization without allow or deny list", grantee1Addr, - []string{"redelegate"}, + []string{"redelegate", "--spend-limit=1000" + testDenom}, "", true, }, From 0f4507da8d793a69ee0e7b8c840c51061e98712f Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Wed, 4 Dec 2024 21:39:12 +0300 Subject: [PATCH 8/9] test(systemtests/authz): fix test cases --- tests/systemtests/authz_test.go | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/tests/systemtests/authz_test.go b/tests/systemtests/authz_test.go index 25036ff27b3f..4a7aa4bf0a8b 100644 --- a/tests/systemtests/authz_test.go +++ b/tests/systemtests/authz_test.go @@ -50,6 +50,10 @@ func TestAuthzGrantTxCmd(t *testing.T) { require.NotEqual(t, granterAddr, grantee5Addr) grantee6Addr := cli.AddKey("grantee6") require.NotEqual(t, granterAddr, grantee6Addr) + grantee7Addr := cli.AddKey("grantee7") + require.NotEqual(t, granterAddr, grantee7Addr) + grantee8Addr := cli.AddKey("grantee8") + require.NotEqual(t, granterAddr, grantee8Addr) systest.Sut.StartChain(t) @@ -89,13 +93,6 @@ func TestAuthzGrantTxCmd(t *testing.T) { "msg type cannot be empty", true, }, - { - "delegate authorization without allow or deny list", - grantee1Addr, - []string{"delegate", "--spend-limit=1000" + testDenom}, - "", - true, - }, { "delegate authorization with invalid allowed validator address", grantee1Addr, @@ -131,13 +128,6 @@ func TestAuthzGrantTxCmd(t *testing.T) { "decoding bech32 failed", false, }, - { - "redelegate authorization without allow or deny list", - grantee1Addr, - []string{"redelegate", "--spend-limit=1000" + testDenom}, - "", - true, - }, { "redelegate authorization with invalid allowed validator address", grantee1Addr, @@ -194,6 +184,20 @@ func TestAuthzGrantTxCmd(t *testing.T) { "", false, }, + { + "redelegate authorization without allow or deny list", + grantee7Addr, + []string{"redelegate", "--spend-limit=1000" + testDenom}, + "", + false, + }, + { + "delegate authorization without allow or deny list", + grantee8Addr, + []string{"delegate", "--spend-limit=1000" + testDenom}, + "", + false, + }, } grantsCount := 0 From e712e1f045ca124f0e6a29f985424bbbc00b16d0 Mon Sep 17 00:00:00 2001 From: Eric Mokaya Date: Fri, 6 Dec 2024 00:15:51 +0300 Subject: [PATCH 9/9] test(systemtests/authz): fix test cases --- tests/systemtests/authz_test.go | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/tests/systemtests/authz_test.go b/tests/systemtests/authz_test.go index 4a7aa4bf0a8b..80665572bc56 100644 --- a/tests/systemtests/authz_test.go +++ b/tests/systemtests/authz_test.go @@ -54,6 +54,8 @@ func TestAuthzGrantTxCmd(t *testing.T) { require.NotEqual(t, granterAddr, grantee7Addr) grantee8Addr := cli.AddKey("grantee8") require.NotEqual(t, granterAddr, grantee8Addr) + grantee9Addr := cli.AddKey("grantee9") + require.NotEqual(t, granterAddr, grantee9Addr) systest.Sut.StartChain(t) @@ -107,13 +109,6 @@ func TestAuthzGrantTxCmd(t *testing.T) { "decoding bech32 failed", false, }, - { - "unbond authorization without allow or deny list", - grantee1Addr, - []string{"unbond", "--spend-limit=1000" + testDenom}, - "", - true, - }, { "unbond authorization with invalid allowed validator address", grantee1Addr, @@ -171,30 +166,37 @@ func TestAuthzGrantTxCmd(t *testing.T) { false, }, { - "valid unbond authorization", + "valid delegate authorization without allow or deny list", grantee5Addr, - []string{"unbond", "--deny-validators=" + valOperAddr}, + []string{"delegate", "--spend-limit=1000" + testDenom}, "", false, }, { - "valid redelegate authorization", + "valid unbond authorization", grantee6Addr, - []string{"redelegate", "--allowed-validators=" + valOperAddr}, + []string{"unbond", "--deny-validators=" + valOperAddr}, "", false, }, { - "redelegate authorization without allow or deny list", + "valid unbond authorization without allow or deny list", grantee7Addr, - []string{"redelegate", "--spend-limit=1000" + testDenom}, + []string{"unbond", "--spend-limit=1000" + testDenom}, "", false, }, { - "delegate authorization without allow or deny list", + "valid redelegate authorization", grantee8Addr, - []string{"delegate", "--spend-limit=1000" + testDenom}, + []string{"redelegate", "--allowed-validators=" + valOperAddr}, + "", + false, + }, + { + "valid redelegate authorization without allow or deny list", + grantee9Addr, + []string{"redelegate", "--spend-limit=1000" + testDenom}, "", false, },